File tree Expand file tree Collapse file tree
appsec-rules/crowdsecurity Expand file tree Collapse file tree Original file line number Diff line number Diff line change 1+ # # autogenerated on 2026-07-01 13:08:11
2+ name : crowdsecurity/vpatch-CVE-2026-34197
3+ description : ' Detects RCE in Apache ActiveMQ via Jolokia addNetworkConnector with xbean brokerConfig'
4+ rules :
5+ - and :
6+ - zones :
7+ - URI
8+ transform :
9+ - lowercase
10+ match :
11+ type : contains
12+ value : /api/jolokia/
13+ - zones :
14+ - RAW_BODY
15+ transform :
16+ - lowercase
17+ match :
18+ type : contains
19+ value : ' addnetworkconnector'
20+ - zones :
21+ - RAW_BODY
22+ transform :
23+ - lowercase
24+ match :
25+ type : contains
26+ value : ' brokerconfig=xbean:http'
27+
28+ labels :
29+ type : exploit
30+ service : http
31+ confidence : 3
32+ spoofable : 0
33+ behavior : ' http:exploit'
34+ label : ' Apache ActiveMQ - RCE'
35+ classification :
36+ - cve.CVE-2026-34197
37+ - attack.T1190
38+ - cwe.CWE-94
You can’t perform that action at this time.
0 commit comments